package com.wangyu.talents.common.support.security;

import com.wangyu.talents.common.utils.HtmlUtils;
import java.beans.PropertyEditorSupport;
import org.springframework.web.util.JavaScriptUtils;

/**
 * 结合@InitBinder 防止XSS攻击
 *
 * @author wangyu
 * @Date 2018-09-02 12:17
 */
public class StringEscapeEditor extends PropertyEditorSupport {

  private boolean escapeHTML;// 编码HTML
  private boolean escapeJavaScript;// 编码javascript

  public StringEscapeEditor() {
    super();
  }

  public StringEscapeEditor(boolean escapeHTML, boolean escapeJavaScript) {
    super();
    this.escapeHTML = escapeHTML;
    this.escapeJavaScript = escapeJavaScript;
  }

  @Override
  public String getAsText() {
    Object value = getValue();
    return value != null ? value.toString() : "";
  }

  @Override
  public void setAsText(String text) throws IllegalArgumentException {
    if (text == null) {
      setValue(null);
    } else {
      String value = text;
      if (escapeHTML) {
        value = HtmlUtils.htmlEscape(value);
      }
      if (escapeJavaScript) {
        value = JavaScriptUtils.javaScriptEscape(value);
      }
      setValue(value);
    }
  }
}
